The ISO27001 external auditor came to the Clinco offices yesterday to scrutinise our data protection systems. These are subject to annual audit. Having achieved the data protection standard last year, we now have 18 months’ worth of evidence to show commitment and integrity in relation to information security. We took the decision two years ago that, as a leading provider of medical records pagination services, we should also be leading on data protection. All the medical records we are paginating are classified as special category data and we want to show we are protecting that information.
The ISO standard for information security is wide-ranging. Electronic security opens up a whole raft of issues and risks which need to be minimised or eliminated. Physical security is equally important. What we came to realise in the early days of our application for ISO27001 is that almost every aspect of a business can affect information security – from recruitment to continuity planning.
With this in mind it is not surprising that it took five hours of intense scrutiny yesterday for the external auditor to be satisfied that he had examined enough evidence to continue Clinco’s data protection accreditation. He also interviewed our IT support team and the site head of security. I have not seen the full report yet, but I am pleased to report that Clinco’s systems passed with flying colours – no major or even minor non-compliances. We are therefore confident that our services continue to be offered without risk to our clients’ data and in a way which meets compliance requirements in the new data protection landscape.
Well done to the Clinco staff, who made such an impressive contribution to the successful outcome.